Follow these steps to create a load balancer using CloudFormation:
- Open up your text editor and create a new CloudFormation template. We're going to require a VPC ID and some subnet IDs as Parameters. Add them to your template, as follows:
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
VPCID:
Type: AWS::EC2::VPC::Id
Description: VPC where load balancer and instance will launch
SubnetIDs:
Type: List<AWS::EC2::Subnet::Id>
Description: Subnets where load balancer and instance will launch (pick at least 2)
- Next, we need to add some Mappings of ELB account IDs. We'd like to be able to store logs for our ELB and store them in an S3 bucket. This requires updating the bucket policy on our S3 bucket to allow access to the associated AWS Account ID. We'll use this Mappings section to store these. Your mappings should look like this:
You can find the complete list of ELB account IDs here: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy.
Mappings:
ELBAccountMap:
us-east-1:
ELBAccountID: 127311923021
ap-southeast-2:
ELBAccountID: 783225319266
- Now, we can start adding Resources to our template. First, we're going to create an S3 bucket and bucket policy so that we can store our load balancer logs. To make this template portable, we'll omit a bucket name, but, for convenience, we'll include the bucket name in our outputs so that CloudFormation will echo the name back to us:
Resources:
ExampleLogBucket:
Type: AWS::S3::Bucket
ExampleBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: ExampleLogBucket
PolicyDocument:
Statement:
-
Action:
- "s3:PutObject"
Effect: "Allow"
Resource:
Fn::Join:
- ""
-
- "arn:aws:s3:::"
- Ref: ExampleLogBucket
- "/*"
Principal:
AWS:
Fn::FindInMap: [ ELBAccountMap, Ref: "AWS::Region",
ELBAccountID ]
- Next, we need to create a security group for our load balancer to reside in. This security group will allow inbound connections to port 80 (HTTP). To simplify this recipe, we'll leave out port 443 (HTTPS), but we'll briefly cover how to add this functionality later in this section. Since we're adding a public load balancer, we want to allow connections to it from everywhere (0.0.0.0/0). This is what our security group looks like:
ExampleELBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security Group for example ELB
SecurityGroupIngress:
-
IpProtocol: tcp
CidrIp: 0.0.0.0/0
FromPort: 80
ToPort: 80
- Now, we need to define a target group. Upon completion of this recipe, you can go ahead and register your instances in this group so that HTTP requests will be forwarded to it. Alternatively, you can attach the target group to an autoscaling group and AWS will take care of the instance registration and deregistration for you.
- The target group is where we specify the health checks our load balancer should perform against the target instances. This health check is necessary to determine whether a registered instance should receive traffic. The example that's provided with this recipe includes these health check parameters, with the values all set to their defaults. Go ahead and tweak these to suit your needs, or, optionally, remove them if the defaults work for you:
ExampleTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 80
Protocol: HTTP
HealthCheckIntervalSeconds: 30
HealthCheckProtocol: HTTP
HealthCheckPort: 80
HealthCheckPath: /
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 5
UnhealthyThresholdCount: 2
Matcher:
HttpCode: '200'
VpcId:
Ref: VPCID
- We need to define at least one listener, which we will add to our load balancer. A listener will listen for incoming requests to the load balancer on the port and protocol we configure for it. Requests matching the port and protocol will be forwarded to our target group.
The configuration of our listener is going to be reasonably simple. We're listening for HTTP requests on port 80. We're also setting up a default action for this listener, which will forward our requests to the target group we defined previously. There is a soft limit of 50 listeners per load balancer:
ExampleListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn:
Ref: ExampleLoadBalancer
DefaultActions:
- Type: forward
TargetGroupArn:
Ref: ExampleTargetGroup
Port: 80
Protocol: HTTP
- Finally, now that we have all the Resources we need, we can go ahead and set up our load balancer. We'll need to define at least two subnets for it to live in – these are included as Parameters in our example template:
ExampleLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
LoadBalancerAttributes:
- Key: access_logs.s3.enabled
Value: true
- Key: access_logs.s3.bucket
Value:
Ref: ExampleLogBucket
- Key: idle_timeout.timeout_seconds
Value: 60
Scheme: internet-facing
Subnets:
- Fn::Select: [ 0, Ref: SubnetIDs ]
- Fn::Select: [ 1, Ref: SubnetIDs ]
SecurityGroups:
- Fn::GetAtt: ExampleELBSecurityGroup.GroupId
- Lastly, we're going to add some Outputs to our template for convenience. We're particularly interested in the name of the S3 bucket we created and the URL of the load balancer:
Outputs:
ExampleELBURL:
Value:
Fn::Join:
- ''
- [ 'http://', { 'Fn::GetAtt': [ ExampleLoadBalancer,
DNSName ] }, '/' ]
ExampleLogBucket:
Value:
Ref: ExampleLogBucket
Once you have created this stack and finished this recipe, don't forget to delete the stack to avoid any future charges.